Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/07/22 16:20:39 UTC

[GitHub] [flink-kubernetes-operator] jeesmon opened a new pull request, #327: [FLINK-28637] Set explicit version for okhttp to fix vulnerability

jeesmon opened a new pull request, #327:
URL: https://github.com/apache/flink-kubernetes-operator/pull/327

   ## What is the purpose of the change
   
   Setting an explicit version for okhttp until we can upgrade to a new version of JOSDK with the fix.
   
   ## Brief change log
   
     - Setting explicit version for okhttp to 4.10.0 to fix PRISMA-2022-0239 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [flink-kubernetes-operator] jeesmon commented on pull request #327: [FLINK-28637] Set explicit version for okhttp to fix vulnerability (main)

Posted by GitBox <gi...@apache.org>.
jeesmon commented on PR #327:
URL: https://github.com/apache/flink-kubernetes-operator/pull/327#issuecomment-1194049256

   @gyfora Locally I extracted META-INF/DEPENDENCIES from flink-kubernetes-operator-1.0-SNAPSHOT-shaded.jar and checked okhttp version and found it included 4.10.0. Is that enough?
   
   ```
   docker run --rm -it flink-kubernetes-operator:1.0-SNAPSHOT-xxx bash
   cd
   jar xf /flink-kubernetes-operator/flink-kubernetes-operator-*-shaded.jar META-INF/DEPENDENCIES
   grep -A 1 okhttp META-INF/DEPENDENCIES
     - okhttp-logging-interceptor (https://square.github.io/okhttp/) com.squareup.okhttp3:logging-interceptor:jar:4.10.0
       License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
     - okhttp (https://square.github.io/okhttp/) com.squareup.okhttp3:okhttp:jar:4.10.0
       License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
   ```    
   




[GitHub] [flink-kubernetes-operator] gyfora commented on pull request #327: [FLINK-28637] Set explicit version for okhttp to fix vulnerability (main)

Posted by GitBox <gi...@apache.org>.
gyfora commented on PR #327:
URL: https://github.com/apache/flink-kubernetes-operator/pull/327#issuecomment-1193798423

   It's not completely clear how this affects the okhttp version shaded/relocated in the `flink-kubernetes-shaded` module. Did you check which version is included in the fatjar? 




[GitHub] [flink-kubernetes-operator] gyfora merged pull request #327: [FLINK-28637] Set explicit version for okhttp to fix vulnerability (main)

Posted by GitBox <gi...@apache.org>.
gyfora merged PR #327:
URL: https://github.com/apache/flink-kubernetes-operator/pull/327
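
The manual check from the thread (extract `META-INF/DEPENDENCIES` from the shaded jar and look at the okhttp coordinates) can be turned into a repeatable build gate. The following is an added example, not code from the pull request or the project; the function names, the in-memory sample jar and the older version `3.12.12` are constructed for illustration.

```python
import io
import re
import zipfile

# Maven coordinates as written in META-INF/DEPENDENCIES,
# e.g. "com.squareup.okhttp3:okhttp:jar:4.10.0"
COORD = re.compile(r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):jar:(?P<version>[\w.\-]+)")

def version_key(version):
    """Numeric key so that 4.9.3 sorts below 4.10.0 (a string compare would not)."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))

def bundled_versions(jar_bytes, group):
    """Sorted (artifact, version) pairs for `group` listed in the jar's DEPENDENCIES.
    Pairs are kept distinct so an artifact listed at two versions shows up twice."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/DEPENDENCIES").decode("utf-8", "replace")
    return sorted({(m["artifact"], m["version"])
                   for m in COORD.finditer(text) if m["group"] == group})

def below_minimum(jar_bytes, group, minimum):
    """Pairs from bundled_versions() whose version is older than `minimum`."""
    floor = version_key(minimum)
    return [(a, v) for a, v in bundled_versions(jar_bytes, group) if version_key(v) < floor]

def make_sample_jar(okhttp_version):
    """Constructed sample: an in-memory jar holding only a DEPENDENCIES file
    shaped like the grep output quoted in the thread."""
    deps = (
        "  - okhttp-logging-interceptor (https://square.github.io/okhttp/) "
        "com.squareup.okhttp3:logging-interceptor:jar:4.10.0\n"
        "    License: The Apache Software License, Version 2.0\n"
        "  - okhttp (https://square.github.io/okhttp/) "
        f"com.squareup.okhttp3:okhttp:jar:{okhttp_version}\n"
        "    License: The Apache Software License, Version 2.0\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/DEPENDENCIES", deps)
    return buf.getvalue()

if __name__ == "__main__":
    for sample in ("4.10.0", "3.12.12"):  # constructed sample versions
        stale = below_minimum(make_sample_jar(sample), "com.squareup.okhttp3", "4.10.0")
        print(sample, "OK" if not stale else f"FAIL {stale}")
```

This reads the dependency listing only; it does not inspect the relocated class files themselves, so it answers the same question as the `grep` in the thread and nothing more.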

